Smart cards or IC cards offer a huge potential for information processing purposes. The portability and processing power of IC cards allow for highly secure conditional access and reliable distributed information processing. IC cards that can perform highly sophisticated cryptographic computations are already available. Their application in the financial services and telecom industries are well known. But the potential of IC cards go well beyond that. Their applicability in mainstream Information Technology and the Networked Economy is limited mainly by our imagination; the information processing power that can be gained by using IC cards remains as yet mostly untapped and is not well understood. Here lies a vast uncovered research area which we are only beginning to assess, and which will have a great impact on the eventual success of the technology. The research challenges range from electrical engineering on the hardware side to tailor-made cryptographic applications on the software side, and their synergies. This volume comprises the proceedings of the Fourth Working Conference on Smart Card Research and Advanced Applications (CARDIS 2000), which was sponsored by the International Federation for Information Processing (IFIP) and held at the Hewlett-Packard Labs in the United Kingdom in September 2000. CARDIS conferences are unique in that they bring together researchers who are active in all aspects of design of IC cards and related devices and environments, thus stimulating synergy between different research communities from both academia and industry. This volume presents the latest advances in smart card research and applications, and will be essential reading for smart card developers, smart card application developers, and computer science researchers involved in computer architecture, computer security, and cryptography.

In light of the rapidly escalating age of uncertainty in the IT security and privacy world, this book provides the professional IT community and, in particular, security and data protection experts and researchers, with a selection of state-of-the-art material on emerging technologies for IT security and privacy issues. Furthermore, the book analyzes the new security threats and vulnerabilities that appear in modern information societies.

Security and Privacy in the Age of Uncertainty covers issues related to security and privacy of information in a wide range of applications including:
*Secure Networks and Distributed Systems;
*Secure Multicast Communication and Secure Mobile Networks;
*Intrusion Prevention and Detection;
*Access Control Policies and Models;
*Security Protocols;
*Security and Control of IT in Society. This volume contains the papers selected for presentation at the 18th International Conference on Information Security (SEC2003) and at the associated workshops. The conference and workshops were sponsored by the International Federation for Information Processing (IFIP) and held in Athens, Greece in May 2003.

The growing popularity of Service Oriented Architectures is mainly due to business and technology trendsthat have crystallized over thepast decade. On the business side, companies struggle to survive in a competitive - vironment that pushes them towards a tighter integration into an industry's value chain, to outsource non core business operations or to constantly- engineer business processes. These challenges boosted the demand for sc- able IT-solutions, with e?orts ultimately resulting in a ?exible architectural paradigm - Service Oriented Architectures. On the technical side, middleware standards, technologies and archit- turesbasedonXMLand Webservicesaswellastheirsecurityextensionshave matured to a sound technology base that guarantees interoperability across enterprise and application boundaries - a prerequisite to inter-organizational applications and work?ows. While the principles and concepts of Service Oriented Architectures may lookevidentandcogentfromaconceptualperspective, therealizationofint- organizational work?ows and applications based on the paradigm "Service Oriented Architecture" remains a complex task, and, all the more when it comes to security, the implementation is still bound to low-level technical knowledgeandhence error-prone. The number of books and publications o?ering implementation-level c- erageofthetechnologies, standardsandspeci?cationsasrequiredbytechnical developers lookingfor guidance on how to"add"security to service oriented solutions based on Web services and XML technology is already considerable and ever growing. The present book sets a di?erent focus. Based on the p- adigmof Model Driven Security, it shows how to systematically designand realize security-critical applications for Service Oriented Architectures.

This is a textbook for a course (or self-instruction) in cryptography with emphasis on algebraic methods. The first half of the book is a self-contained informal introduction to areas of algebra, number theory, and computer science that are used in cryptography. Most of the material in the second half - "hidden monomial" systems, combinatorial-algebraic systems, and hyperelliptic systems - has not previously appeared in monograph form. The Appendix by Menezes, Wu, and Zuccherato gives an elementary treatment of hyperelliptic curves. This book is intended for graduate students, advanced undergraduates, and scientists working in various fields of data security.

This book consists of a collection of works on utilizing the automatic identification technology provided by Radio Frequency Identification (RFID) to address the problems of global counterfeiting of goods. The book presents current research, directed to securing supply chains against the efforts of counterfeit operators, carried out at the Auto-ID Labs around the globe. It assumes very little knowledge on the part of the reader on Networked RFID systems as the material provided in the introduction familiarizes the reader with concepts, underlying principles and vulnerabilities of modern RFID systems.

Synchronizing E-Security is a critical investigation and empirical analysis of studies conducted among companies that support electronic commerce transactions in both advanced and developing economies. This book presents insights into the validity and credibility of current risk assessment methods that support electronic transactions in the global economy. Synchronizing E-Security focuses on a number of case studies of IT companies, within selected countries in West Africa, Europe, Asia and the United States. The foundation of this work is based on previous studies by Williams G., Avudzivi P.V (Hawaii 2002) on the retrospective view of information security management and the impact of tele-banking on the end-user.

Foreword by Lars Knudsen
"Practical Intranet Security" focuses on the various ways in which an intranet can be violated and gives a thorough review of the technologies that can be used by an organization to secure its intranet. This includes, for example, the new security architecture SESAME, which builds on the Kerberos authentication system, adding to it both public-key technology and a role-based access control service. Other technologies are also included such as a description of how to program with the GSS-API, and modern security technologies such as PGP, S/MIME, SSH, SSL IPSEC and CDSA. The book concludes with a comparison of the technologies.
This book is different from other network security books in that its aim is to identify how to secure an organization's intranet. Previously books have concentrated on the Internet, often neglecting issues relating to securing intranets. However the potential risk to business and the ease by which intranets can be violated is often far greater than via the Internet.
The aim is that network administrators and managers can get the information that they require to make informed choices on strategy and solutions for securing their own intranets.
The book is an invaluable reference for network managers and network administrators whose responsibility it is to ensure the security of an organization's intranet. The book also contains background reading on networking, network security and cryptography which makes it an excellent research reference and undergraduate/postgraduate text book.

Cryptography, secret writing, is enjoying a scientific renaissance following the seminal discovery in 1977 of public-key cryptography and applications in computers and communications. This book gives a broad overview of public-key cryptography - its essence and advantages, various public-key cryptosystems, and protocols - as well as a comprehensive introduction to classical cryptography and cryptoanalysis. The second edition has been revised and enlarged especially in its treatment of cryptographic protocols. From a review of the first edition: "This is a comprehensive review ... there can be no doubt that this will be accepted as a standard text. At the same time, it is clearly and entertainingly written ... and can certainly stand alone." Alex M. Andrew, Kybernetes, March 1992

Key to our culture is that we can disseminate information, and then maintain and access it over time. While we are rapidly advancing from vulnerable physical solutions to superior, digital media, preserving and using data over the long term involves complicated research challenges and organization efforts.

Uwe Borghoff and his coauthors address the problem of storing, reading, and using digital data for periods longer than 50 years. They briefly describe several markup and document description languages like TIFF, PDF, HTML, and XML, explain the most important techniques such as migration and emulation, and present the OAIS (Open Archival Information System) Reference Model. To complement this background information on the technology issues the authors present the most relevant international preservation projects, such as the Dublin Core Metadata Initiative, and experiences from sample projects run by the Cornell University Library and the National Library of the Netherlands. A rated survey list of available systems and tools completes the book.

With this broad overview, the authors address librarians who preserve our digital heritage, computer scientists who develop technologies that access data, and information managers engaged with the social and methodological requirements of long-term information access.

This book contains a selection of the best papers given at an international conference on advanced computer systems. The Advanced Computer Systems Conference was held in October 2006, in Miedzyzdroje, Poland. The book is organized into four topical areas: Artificial Intelligence; Computer Security and Safety; Image Analysis, Graphics and Biometrics; and Computer Simulation and Data Analysis.

Computer technology evolves at a rate that challenges companies to maintain appropriate security for their enterprises. With the rapid growth in Internet and www facilities, database and information systems security remains a key topic in businesses and in the public sector, with implications for the whole of society. Research Advances in Database and Information Systems Security covers issues related to security and privacy of information in a wide range of applications, including: Critical Infrastructure Protection; Electronic Commerce; Information Assurance; Intrusion Detection; Workflow; Policy Modeling; Multilevel Security; Role-Based Access Control; Data Mining; Data Warehouses; Temporal Authorization Models; Object-Oriented Databases. This book contains papers and panel discussions from the Thirteenth Annual Working Conference on Database Security, organized by the International Federation for Information Processing (IFIP) and held July 25-28, 1999, in Seattle, Washington, USA. Research Advances in Database and Information Systems Security provides invaluable reading for faculty and advanced students as well as for industrial researchers and practitioners engaged in database security research and development.

Biometric Solutions for Authentication in an E-World provides a collection of sixteen chapters containing tutorial articles and new material in a unified manner. This includes the basic concepts, theories, and characteristic features of integrating/formulating different facets of biometric solutions for authentication, with recent developments and significant applications in an E-world. This book provides the reader with a basic concept of biometrics, an in-depth discussion exploring biometric technologies in various applications in an E-world. It also includes a detailed description of typical biometric-based security systems and up-to-date coverage of how these issues are developed. Experts from all over the world demonstrate the various ways this integration can be made to efficiently design methodologies, algorithms, architectures, and implementations for biometric-based applications in an E-world.

Research Directions in Data and Applications Security describes original research results and innovative practical developments, all focused on maintaining security and privacy in database systems and applications that pervade cyberspace. The areas of coverage include:

-Role-Based Access Control;
-Database Security;
-XML Security;
-Data Mining and Inference;
-Multimedia System Security;
-Network Security;
-Public Key Infrastructure;
-Formal Methods and Protocols;
-Security and Privacy.

Database and Application Security XV provides a forum for original research results, practical experiences, and innovative ideas in database and application security. With the rapid growth of large databases and the application systems that manage them, security issues have become a primary concern in business, industry, government and society. These concerns are compounded by the expanding use of the Internet and wireless communication technologies.

This volume covers a wide variety of topics related to security and privacy of information in systems and applications, including:

• Access control models;
• Role and constraint-based access control;
• Distributed systems;
• Information warfare and intrusion detection;
• Relational databases;
• Implementation issues;
• Multilevel systems;
• New application areas including XML.

Database and Application Security XV contains papers, keynote addresses, and panel discussions from the Fifteenth Annual Working Conference on Database and Application Security, organized by the International Federation for Information Processing (IFIP) Working Group 11.3 and held July 15-18, 2001 in Niagara on the Lake, Ontario, Canada.

Handbook of Database Security: Applications and Trends provides an up-to-date overview of data security models, techniques, and architectures in a variety of data management applications and settings. In addition to providing an overview of data security in different application settings, this book includes an outline for future research directions within the field. The book is designed for industry practitioners and researchers, and is also suitable for advanced-level students in computer science.

Using the quantum properties of single photons to exchange binary keys between two partners for subsequent encryption of secret data is an absolutely novel technology. Only a few years ago quantum cryptography or better: quantum key distribution (QKD) was the domain of basic research laboratories at universities. But during the last few years things changed. QKD left the laboratories and was picked up by more practical oriented teams that worked hard to develop a practically applicable technology out of the astonishing results of basic research.

One major milestone towards a QKD technology was a large research and development project funded by the European Commission that aimed at combining quantum physics with complementary technologies that are necessary to create a technical solution: electronics, software, and network components were added within the project SECOQC (Development of a Global Network for Secure Communication based on Quantum Cryptography) that teamed up all expertise on European level to get a technology for future encryption.

The practical application of QKD in a standard optical fibre network was demonstrated October 2008 in Vienna, giving a glimpse of the future of secure communication. Although many steps have still to be done in order to achieve a real mature technology, the corner stone for future secure communication is already laid.

QKD will not be the Holy Grail of security, it will not be able to solve all problems for evermore. But QKD has the potential to replace one of the weakest parts of symmetric encryption: the exchange of the key. It can be proven that the key exchange process cannot be corrupted and that keys that are generated and exchanged quantum cryptographically will be secure for ever (as long as some additional conditions are kept).

This book will show the state of the art of Quantum Cryptography and it will sketch how it can be implemented in standard communication infrastructure. The growing vulnerability of sensitive data requires new concepts and QKD will be a possible solution to overcome some of today s limitations."

The volume provides state-of-the-art in non-repudiation protocols and gives insight of its applicability to e-commerce applications. This professional book organizes the existing scant literature regarding non-repudiation protocols with multiple entities participation. It provides the reader with sufficient grounds to understand the non-repudiation property and its applicability to real applications. This book is essential for professional audiences with in-depth knowledge of information security and a basic knowledge of applied cryptography. The book is also suitable as an advanced-level text or reference book for students in computer science.

This book presents the most recent achievements in some rapidly developing fields within Computer Science. This includes the very latest research in biometrics and computer security systems, and descriptions of the latest inroads in artificial intelligence applications. The book contains over 30 articles by well-known scientists and engineers. The articles are extended versions of works introduced at the ACS-CISIM 2005 conference.

Recent Advances in RSA Cryptography surveys the most important achievements of the last 22 years of research in RSA cryptography. Special emphasis is laid on the description and analysis of proposed attacks against the RSA cryptosystem. The first chapters introduce the necessary background information on number theory, complexity and public key cryptography. Subsequent chapters review factorization algorithms and specific properties that make RSA attractive for cryptographers. Most recent attacks against RSA are discussed in the third part of the book (among them attacks against low-exponent RSA, Hastad's broadcast attack, and Franklin-Reiter attacks). Finally, the last chapter reviews the use of the RSA function in signature schemes. Recent Advances in RSA Cryptography is of interest to graduate level students and researchers who will gain an insight into current research topics in the field and an overview of recent results in a unified way. Recent Advances in RSA Cryptography is suitable as a secondary text for a graduate level course, and as a reference for researchers and practitioners in industry.

YOU HAVE TO OWN THIS BOOK!

"Software Exorcism: A Handbook for Debugging and Optimizing Legacy Code" takes an unflinching, no bulls$&# look at behavioral problems in the software engineering industry, shedding much-needed light on the social forces that make it difficult for programmers to do their job. Do you have a co-worker who perpetually writes bad code that "you" are forced to clean up? This is your book. While there are plenty of books on the market that cover debugging and short-term workarounds for bad code, Reverend Bill Blunden takes a revolutionary step beyond them by bringing our attention to the underlying illnesses that plague the software industry as a whole.

Further, "Software Exorcism" discusses tools and techniques for effective and aggressive debugging, gives optimization strategies that appeal to all levels of programmers, and presents in-depth treatments of technical issues with honest assessments that are not biased toward proprietary solutions.

Considered the gold-standard reference on information security, the Information Security Management Handbook provides an authoritative compilation of the fundamental knowledge, skills, techniques, and tools required of today's IT security professional. Now in its sixth edition, this 3200 page, 4 volume stand-alone reference is organized under the CISSP Common Body of Knowledge domains and has been updated yearly. Each annual update, the latest is Volume 6, reflects the changes to the CBK in response to new laws and evolving technology.